The /atg/dynamo/servlet/dafpipeline/SecurityServlet
component, and therefore query parameter validation, is enabled by default. You can disable validation by removing SecurityServlet
from the request handling pipeline. To do this, set its insertAfterServlet
property to null:
insertAfterServlet^=/Constants.null
Note that this disables filtering of query parameters only, not of POST parameters. For information about disabling validation of POST parameters, see Disabling POST Parameter Validation.
Keep in mind that disabling validation is strongly discouraged, as it can leave your application vulnerable to cross-site attacks.